Skip to main content
PUT
/
notes
/
{id}
curl -X PUT \
  'https://app.medisync.me/api/notes/664e0b1f7c2a5e0011fa9911' \
  -H 'Authorization: Bearer your_jwt_token_here' \
  -H 'Content-Type: application/json' \
  -d '{
    "notes": "Updated notes: symptoms improved, EKG normal, continue treatment.",
    "summary": "Improved symptoms, normal EKG, continue treatment"
  }'
const response = await fetch(
  'https://app.medisync.me/api/notes/664e0b1f7c2a5e0011fa9911',
  {
    method: 'PUT',
    headers: {
      'Authorization': 'Bearer your_jwt_token_here',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      notes: 'Updated notes: symptoms improved, EKG normal, continue treatment.',
      summary: 'Improved symptoms, normal EKG, continue treatment'
    })
  }
);

const result = await response.json();
import requests

response = requests.put(
    'https://app.medisync.me/api/notes/664e0b1f7c2a5e0011fa9911',
    headers={
        'Authorization': 'Bearer your_jwt_token_here',
        'Content-Type': 'application/json'
    },
    json={
        'notes': 'Updated notes: symptoms improved, EKG normal, continue treatment.',
        'summary': 'Improved symptoms, normal EKG, continue treatment'
    }
)

result = response.json()
{
  "success": true,
  "data": {
    "_id": "665f1c2a9b1e8a0012ab34cd",
    "appointment_id": "664e0b1f7c2a5e0011fa9911",
    "notes": "Updated notes: symptoms improved, EKG normal, continue treatment.",
    "summary": "Improved symptoms, normal EKG, continue treatment",
    "citations": null,
    "createdAt": "2026-06-30T10:30:00.000Z",
    "updatedAt": "2026-06-30T14:20:00.000Z"
  }
}

Overview

Update the notes for a specific appointment. The endpoint locates the appointment by ID, then updates the notes document associated with it. All body fields are optional.
This operation is scoped to the owning doctor. The appointment identified by {id} must belong to the authenticated user. A request for an appointment you do not own returns 403 Forbidden, an unknown appointment returns 404 Appointment not found, and an appointment that has no notes yet returns 404 Notes not found.

Authentication

Authorization
string
required
Bearer token for authenticated access. The doctor (user) identity is taken from the JWT.
Authorization: Bearer your_jwt_token_here
A missing or invalid token returns 401 with a message field. See Error Responses.

Path Parameters

id
string
required
Appointment ID (MongoDB ObjectId, 24 hex characters) whose notes to update. Must be owned by the authenticated doctor.

Body Parameters

notes
string
Notes content to set. Omitting the field (or sending an empty string) keeps the existing value — an empty value does not clear the field. Markdown asterisks are stripped server-side before storage.
summary
string
Summary to set. Omitting the field (or sending an empty string) keeps the existing value.
appointment_id
string
Optional override for the stored appointment_id. Keeps the existing value when omitted.

Response

success
boolean
Indicates whether the operation succeeded.
data
object
The updated notes document.
error
string
Error message (only present when success is false).
The data object is the full saved notes document and may contain additional fields beyond those listed above. Treat any unlisted fields as opaque.

Example Request

curl -X PUT \
  'https://app.medisync.me/api/notes/664e0b1f7c2a5e0011fa9911' \
  -H 'Authorization: Bearer your_jwt_token_here' \
  -H 'Content-Type: application/json' \
  -d '{
    "notes": "Updated notes: symptoms improved, EKG normal, continue treatment.",
    "summary": "Improved symptoms, normal EKG, continue treatment"
  }'
const response = await fetch(
  'https://app.medisync.me/api/notes/664e0b1f7c2a5e0011fa9911',
  {
    method: 'PUT',
    headers: {
      'Authorization': 'Bearer your_jwt_token_here',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      notes: 'Updated notes: symptoms improved, EKG normal, continue treatment.',
      summary: 'Improved symptoms, normal EKG, continue treatment'
    })
  }
);

const result = await response.json();
import requests

response = requests.put(
    'https://app.medisync.me/api/notes/664e0b1f7c2a5e0011fa9911',
    headers={
        'Authorization': 'Bearer your_jwt_token_here',
        'Content-Type': 'application/json'
    },
    json={
        'notes': 'Updated notes: symptoms improved, EKG normal, continue treatment.',
        'summary': 'Improved symptoms, normal EKG, continue treatment'
    }
)

result = response.json()

Example Response

{
  "success": true,
  "data": {
    "_id": "665f1c2a9b1e8a0012ab34cd",
    "appointment_id": "664e0b1f7c2a5e0011fa9911",
    "notes": "Updated notes: symptoms improved, EKG normal, continue treatment.",
    "summary": "Improved symptoms, normal EKG, continue treatment",
    "citations": null,
    "createdAt": "2026-06-30T10:30:00.000Z",
    "updatedAt": "2026-06-30T14:20:00.000Z"
  }
}

Error Responses

{
  "success": false,
  "message": "Unauthorized"
}
{
  "success": false,
  "message": "Session ended on this device because you signed in elsewhere.",
  "code": "SESSION_REVOKED"
}
{
  "success": false,
  "error": "Forbidden"
}
{
  "success": false,
  "error": "Appointment not found"
}
{
  "success": false,
  "error": "Notes not found"
}

Behavior Notes

  • Two-step lookup: The endpoint first finds the appointment, then the notes document associated with it.
  • Partial updates: Only provided fields are updated. Omitting a field — or sending an empty string for notes/summary — preserves the existing value.
  • Asterisk stripping: Markdown asterisks are removed from notes before storage.
  • Timestamps: updatedAt is set automatically when the notes are saved.

Status Codes

  • 200 — Notes updated successfully.
  • 400 — Save failure.
  • 401 — Missing, invalid, or revoked authentication token.
  • 403 — Authenticated user does not own the appointment.
  • 404 — Appointment not found, or no notes exist for the appointment.